DO NOT MERGE: Ensure that unparcelling Region only reads the expected number of bytes

bug: 20883006 Change-Id: I4f109667fb210a80fbddddf5f1bfb7ef3a02b6ce Conflicts: core/jni/android/graphics/Region.cpp
author: Leon Scroggins III <scroggo@google.com> 2015-05-29 16:13:11 -0400
committer: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> 2015-10-18 19:07:10 +0200
commit: 38add157784a2bb5ddb13558573ece99229bb3b0 (patch)
tree: cad1425d571c9412b53453938a10c4ce9f5ae5c3
parent: feaf84ab8c466f98d42d5a29b54ac273f9e9afde (diff)
download: frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.zip
frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.tar.gz
frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.tar.bz2
1 files changed, 6 insertions, 1 deletions
diff --git a/core/jni/android/graphics/Region.cpp b/core/jni/android/graphics/Region.cpp
index 6ba4de2..81c386f 100644
--- a/core/jni/android/graphics/Region.cpp
+++ b/core/jni/android/graphics/Region.cpp
@@ -181,7 +181,12 @@ static SkRegion* Region_createFromParcel(JNIEnv* env, jobject clazz, jobject par
         return NULL;
     }
     SkRegion* region = new SkRegion;
-    region->unflatten(regionData);
+    size_t actualSize = region->unflatten(regionData);
+
+    if (size != actualSize) {
+        delete region;
+        return NULL;
+    }
 
     return region;
 }
author	Leon Scroggins III <scroggo@google.com>	2015-05-29 16:13:11 -0400
committer	Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>	2015-10-18 19:07:10 +0200
commit	38add157784a2bb5ddb13558573ece99229bb3b0 (patch)
tree	cad1425d571c9412b53453938a10c4ce9f5ae5c3
parent	feaf84ab8c466f98d42d5a29b54ac273f9e9afde (diff)
download	frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.zip frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.tar.gz frameworks_base-38add157784a2bb5ddb13558573ece99229bb3b0.tar.bz2